authorChristine Dodrill <me@christine.website>2019-01-26 10:24:50 -0800
committerChristine Dodrill <me@christine.website>2019-01-26 10:24:50 -0800
commit26cc8779330456758d4eb560cb24975f4e53bce0 (patch)
tree8805b254ac98635909908c119c2a5ce97556c7b4
parent70d8427761be27d022dbbe56537c978bca316c5d (diff)
idp/idpmiddleware: salt better
-rw-r--r--idp/idpmiddleware/middleware.go6
1 files changed, 4 insertions, 2 deletions
diff --git a/idp/idpmiddleware/middleware.go b/idp/idpmiddleware/middleware.go
index 99733f4..3ffb700 100644
--- a/idp/idpmiddleware/middleware.go
+++ b/idp/idpmiddleware/middleware.go
@@ -24,6 +24,8 @@ func hash(data string, salt string) string {
return fmt.Sprintf("%x", output)
}
+var bootTime = time.Now()
+
func verify(ctx context.Context, idpServer, state, code string) *http.Request {
u, err := url.Parse(idpServer)
if err != nil {
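Review bot: `bootTime` on the added line is a timestamp rather than a secret, yet the two later hunks in Protect use it as the only per-process input to the session cookie value. `time.Now().String()` carries nanoseconds and a monotonic reading, but it does not come from a CSPRNG, and the other inputs (`me`, `idpServer`) are configuration values that are presumably not confidential. I would replace it with a per-process random key, e.g. 32 bytes filled by `crypto/rand.Read` at package init and hex-encoded, and pass that to `hash` in both places. A comment such as `// cookieKey is regenerated on every start, so existing cookies stop validating after a restart.` would document the intended invalidation. The import block is outside this hunk, so `crypto/rand` would need adding there.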
@@ -109,7 +111,7 @@ func Protect(idpServer, me, selfURL string) func(next http.Handler) http.Handler
ln.Log(ctx, ln.Info("setting cookie"))
http.SetCookie(w, &http.Cookie{
Name: "within-x-idpmiddleware",
- Value: hash(me, idpServer),
+ Value: hash(me+bootTime.String(), idpServer),
HttpOnly: true,
Expires: time.Now().Add(900 * time.Hour),
Path: "/",
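Review bot: The cookie literal sets `HttpOnly` but no `Secure` or `SameSite` attribute is visible in this hunk; the literal continues past the hunk, so they may be set below. If they are not, add `Secure: true,` and `SameSite: http.SameSiteLaxMode,` so the value is not sent over plain HTTP or on cross-site subrequests. Note also that the value is identical for every browser that authenticates during one process lifetime, so it acts as a single shared bearer token and cannot be revoked per session. Finally, `Expires` of 900 hours now outlives the value whenever the process restarts, which deserves a short comment next to the field.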
@@ -127,7 +129,7 @@ func Protect(idpServer, me, selfURL string) func(next http.Handler) http.Handler
}
cookie, err := r.Cookie("within-x-idpmiddleware")
- if err != nil || cookie.Value != hash(me, idpServer) {
+ if err != nil || cookie.Value != hash(me+bootTime.String(), idpServer) {
u, err := url.Parse(idpServer)
if err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
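Review bot: The check `cookie.Value != hash(me+bootTime.String(), idpServer)` compares an authentication token with a plain string comparison, which is not constant-time. It also recomputes the expected value on every request. I would compute `want := hash(me+bootTime.String(), idpServer)` once when Protect builds the middleware, reuse it where the cookie is set, and compare with `subtle.ConstantTimeCompare([]byte(cookie.Value), []byte(want)) != 1`. That needs a `crypto/subtle` import, and both the import block and the rest of this handler are outside the hunk.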